Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-14101

Provide option to select TLS protocol version

Details

    • Task
    • Status: Closed (View Workflow)
    • Blocker
    • Resolution: Fixed
    • 10.4.6
    • SSL
    • None

    Description

      Currently it's not possible to run MariaDB with a specific TLS protocol, option --ssl_cipher=:TLSv1.2 excludes cipher suites < TLSv1.2, but doesn't set the protocol to TLSv1.2 only.

      Suggestion:

      --tls-version=versions
      

      Valid values are TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 (OpenSSL only) or a combination (separated by comma) of them.
      If not specified default=TLSv1,TLSv1.1,TLSv1.2, TLSv1.3 will be used for OpenSSL, TLSv1,TLSv1.1 for Yassl.

      Attachments

        1. MDEV_14101_10_2.patch
          21 kB
          Georg Richter
        2. MDEV-14101.patch
          16 kB
          Oleksandr Byelkin
        3. MDEV14101.patch_new
          15 kB
          Georg Richter

        Issue Links

          Activity

            georg, I don't seem to be able to find the patch. Where can I see it?

            may be it can go into an earlier version, but I need to see the patch first

            serg Sergei Golubchik added a comment - georg , I don't seem to be able to find the patch. Where can I see it? may be it can go into an earlier version, but I need to see the patch first

            Please reassign it when my review will be needed, just for now you can put your time here.

            sanja Oleksandr Byelkin added a comment - Please reassign it when my review will be needed, just for now you can put your time here.
            georg Georg Richter added a comment -

            Sanja,

            latest attachment is for 10.2 - it includes also fixes for MDEV-17184

            georg Georg Richter added a comment - Sanja, latest attachment is for 10.2 - it includes also fixes for MDEV-17184

            OK to push after testing on buildbot

            sanja Oleksandr Byelkin added a comment - OK to push after testing on buildbot

            I see that MariaDB Connector/C already supports this.

            It looks like the patch for the server was approved too. Is it ready to push, or does more work still need to be done?

            GeoffMontee Geoff Montee (Inactive) added a comment - I see that MariaDB Connector/C already supports this. It looks like the patch for the server was approved too. Is it ready to push, or does more work still need to be done?

            People

              georg Georg Richter
              georg Georg Richter
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.